Creating Competitive Advantage: The role for ALM in the PLM world

Similar documents
PLM and ALM Getting Together

SWOT Assessment: FireMon Security Manager Suite v7.0

SAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE. Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.

WHITE PAPER. Written by: Michael Azoff. Published Mar, 2015, Ovum

The Impact of RTCA DO-178C on Software Development

F-22 Raptor. Agenda. 1. Motivation

CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS

Reduce Medical Device Compliance Costs with Best Practices.

Secunia Vulnerability Intelligence Manager

Key Benefits of Microsoft Visual Studio Team System

Software Development for Medical Devices

Software Development for Medical Devices

Why enterprise data archiving is critical in a changing landscape

On the Radar: NextPlane

SD Elements: A Tool for Secure Application Development Management

Ovum Decision Matrix: Selecting an Enterprise Content Management Solution,

Systems Engineering: Development of Mechatronics and Software Need to be Integrated Closely

Effective Software Verification for Medical Devices

FDA Releases Final Cybersecurity Guidance for Medical Devices

MANAGEMENT SUMMARY INTRODUCTION KEY MESSAGES. Written by: Michael Azoff. Published June 2015, Ovum

Software: Driving Innovation for Engineered Products

IBM Rational systems and software solutions for the medical device industry

SWOT Assessment: dotcms dotcms v2.5

Closed Loop Quality Management: Integrating PLM and Quality Management

Enabling Continuous Delivery by Leveraging the Deployment Pipeline

Demand & Requirements Management Software Development QA & Test Management IT Operations & DevOps Change Management Agile, SAFe, Waterfall Support

Application Security in the Software Development Lifecycle

When COTS is not SOUP Commercial Off-the-Shelf Software in Medical Systems. Chris Hobbs, Senior Developer, Safe Systems

Software: Driving Innovation for Engineered Products. Page

Reducing Application Vulnerabilities by Security Engineering

Secunia Corporate Software Inspector (Secunia CSI) ver.5.0

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

ImageWare Systems, Inc.

ISO 27001: Information Security and the Road to Certification

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Introduction into IEC Software life cycle for medical devices

SWOT Assessment: Eccentex AppBase v5.0

Life Sciences Product Development Artifacts Survey Results

Agile and Secure: Can We Be Both?

Five steps to improving the customer service experience

Case Study: Unifying ITSM Practices and Technology

On the Radar: Be Informed

Rally Integration with BMC Remedy through Kovair Omnibus Kovair Software, Inc.

DO-178B compliance: turn an overhead expense into a competitive advantage

Medical Device Software Standards for Safety and Regulatory Compliance

Orchestrated. Release Management. Gain insight and control, eliminate ineffective handoffs, and automate application deployments

Improving Web Application Security by Eliminating CWEs Weijie Chen, China INFSY 6891 Software Assurance Professor Dr. Maurice Dawson 15 December 2015

Demand & Requirements Management Software Development QA & Test Management IT Operations & DevOps Change Management Agile, SAFe, Waterfall Support

Development of AUTOSAR Software Components within Model-Based Design

Building Resilient Systems: The Secure Software Development Lifecycle

Parameters for Efficient Software Certification

CDRH Regulated Software

Agile and Secure: OWASP AppSec Seattle Oct The OWASP Foundation

SWOT Assessment: CoreMedia, CoreMedia 7

Technical Data Sheet SCADE R17 Solutions for ARINC 661 Compliant Systems Design Environment for Aircraft Manufacturers, CDS and UA Suppliers

Driving Your Business Forward with Application Life-cycle Management (ALM)

Differentiate your business with a cloud contact center

Role of the systems engineer in safety critical systems. Dr. Cecilia Haskins, CSEP Keynote address WOCS 27. September 2012

Using CMM with DO-178B/ED-12B for Airborne System Development

Pentests more than just using the proper tools

Testing of safety-critical software some principles

Seven Practical Steps to Delivering More Secure Software. January 2011

Anatomy of an Enterprise Software Delivery Project

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

ORACLE AGILE PLM FOR THE MEDICAL DEVICE INDUSTRY

How To Improve Your Software

Testing the Internet of Things

Improving Embedded Software Test Effectiveness in Automotive Applications

Revision History Revision Date Changes Initial version published to

Information Security Managing The Risk

Best practices for developing DO-178 compliant software using Model-Based Design

Development of a Process Assessment Model for Medical Device Software Development

RTP s NUCLEAR QUALITY ASSURANCE PROGRAM

The Tester's Role in Continuous Integration

IBM Rational Rhapsody

Securing Remote Vendor Access with Privileged Account Security

Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center

unless the manufacturer upgrades the firmware, whereas the effort is repeated.

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

FINRA Publishes its 2015 Report on Cybersecurity Practices

G- Cloud Specialist Cloud Services. Security and Penetration Testing. Overview

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

How To Protect Your Employees From Being Hacked By A Corporate Firewall

Understanding Enterprise Cloud Governance

Pentests more than just using the proper tools

Transcription:

Creating Competitive Advantage: The role for ALM in the PLM world Michael Azoff Principal Analyst, Ovum michael.azoff@ovum.com Version 9 Oct, 2014 1 Copyright Ovum. All rights reserved. Ovum is a subsidiary of Informa plc.

Agenda This presentation in one slide: 1. Engineered product complexity is increasing. 2. ALM experience and tools exist. 3. The trend is for ALM and PLM systems to combine. 4. Engineered products with huge software content are shipping now. 5. The safety-critical standards are catching up. 6. Industry is beginning to exploit 2) and 3) and there is a lag between 4) and 5). 7. Internet of Things security issues want to spoil the party. 8. It is time to re-think how we approach the challenges to reap benefits. 2

Embedded software in engineered products Engineers now have choice to design same functionality mechanically, electronically or in software. Today software is the value add in engineered products. 3

Complexity growth of embedded systems Source: Christof Ebert & Capers Jones, IEEE Computer 4

Size of codebases are increasing Source: informationisbeautiful.net 5

Systems of systems Source: Inchron 6

ALM and PLM 7

Product Lifecycle Management 8

Product change requests across the lifecycle Product lifecycle 9

Embedded software risk 10

ALM maturity in a PLM world 11

Software lifecycle management A mature practice in enterprise IT, relatively new concept in PLM world. 12

Engineered product verification testing Product Lifecycle management / QA Interface Finished product interface testing: Is it safe? Is it secure? Does what its meant to? Tester Model in the loop Software in the loop Hardware in the loop Testing in design development: Take testing upstream Improve quality Improve testing and QA process 13

Agile testing and QA: automation: continuous testing 2. Triggers continuous integration and testing server Source codebase server Build server 1. Commit code changes 3. Testing feedback report Software engineering team 14

Business benefits of ALM-PLM integration Visibility across all assets: Improve search and locate information. Accurately link firmware with hardware: Avoid errors, avoid damage costs, avoid reputation risk. Traceability of assets for engineers in all lifecycle phases: Reduce time wasted. Enable effective collaboration across globally distributed units. Support maintenance, repair, & operations (MRO): Quickly locate parts and manage defect fixes. Reduce inoperative time of broken products. 15

Future for ALM and PLM ALM name will appear differently across vendor solutions will add to confusion for users. We see ALM as an essential toolset to adopt in increasingly embedded software led PLM world: Industry has no choice! Manage the complexity or be drowned by it. Software development complexity is a new experience for many in engineered product world. ALM system adoption is a decision for management. PLM vendors are moving towards ALM in different ways, this is one of the most active areas in the PLM solution space right now. ALM-PLM integration is necessary integration standards can reduce costs for end users. 16

Different stakeholders in ALM adoption Executive management Product management Software and systems engineers IT department It matters who has the budget and final say on ALM product choice 17

Safety, standards, and security 18

Many standards for safety-critical compliance: Avionics Aircraft certification Standard Release date Aircraft Systems SAE ARP4754A 01 Dec 2010 Airborne Software RTCA DO-178C 13 Dec 2011 Airborne Electronic Hardware RTCA DO-254 19 Apr 2000 CNS/ATM Software RTCA DO-278A 13 Dec 2011 Software Tool Qualification RTCA DO-330 13 Dec 2011 Model-Based Development and Verification Supplement RTCA DO-331 13 Dec 2011 Object-Oriented Technology Supplement RTCA DO-332 13 Dec 2011 Formal Methods Supplement RTCA DO-333 13 Dec 2011 Guidelines for Development of Civil Aircraft and Systems SAE ARP4754A 21 Dec 2010 19

Many standards for safety-critical compliance: medical Medical devices certification Standard Release date FDA: Quality system regulation 21CFR 820 1 April 2008 FDA: Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices FDA: General Principles of Software Validation, Final Guidance for Industry and FDA Staff Quality management systems Requirements for regulatory purposes Medical device software life cycle processes Application of Risk Management to Medical Devices 337 11 May 2005 11 Jan 2002 ISO 13485 2003 EN 62304 2006 ISO 14971 2007 Council Directive MDD 93/42/EEC 5 Sep 2007 20

Safety-critical standards, continued Automotive ISO 26262 Motor Industry Software Reliability Association (MISRA) Industrial control IEC 61508 Railways EN 50128 Nuclear power IEC 60880 21

ALM plays crucial role to enable traceability For example, Airborne Software DO-178C on software development traceability: Trace Data, showing the bi-directional association between system requirements allocated to software and high-level requirements is developed. Trace Data, showing the bi-directional association between the highlevel requirements and low-level requirements is developed. Trace Data, showing the bi-directional association between the lowlevel requirements and the source code is developed. 22

Software in standards Each industry is addressing same issues of lifecycle management and governing software quality. The relevant standards are distributed across many documents and difficult to get a single view. There is a lag between what the standards bodies are issuing and the practice in the field: Compliance standards are not forward looking they are backward looking. 23

Assessing risks by looking backwards 24

25

What can be done about software security in products Code in machine language. Move security into hardware: Move algorithms onto chips. Intel is building hooks at chip level for security purposes (acquired McAfee) Create separation layer and one way traffic between safety critical and rest of system, eg infotainment system. Security thinking: A lot of knowledge exists but is implemented because of cost. 26

Software Security Development Lifecycle (SSDL) Training Design Implement Test Release Response Comprehensive security development initiative A strategic approach to improve quality and security understanding from the beginning to the end of a project. Goal is to keep improving security through applying a security process (not by chance), the SSDL. Focus on building-in security functions, as well as security hygiene: Functions: authentication, authorization, encryption, input validation. Hygiene: prevent top 10 OWASP defects. 27

Secure connected products Build software using SSDL. Secure by default. Input validation. Multi-factor authentication. Reduced attack surface. Prevent known exploits. 28

Software safety standards Creating high quality software is difficult. Ensuring safety-critical standards are met will get more and more difficult as codebases keep increasing. Internet of Things will create opportunities but also security risks: Connecting products that can cause harm makes malware life threatening. 29

Industry safety-critical standards are siloed DO 178C ISO 26262 IEC 62304... 30

But software is software Propose for industries to adopt joint common software standard and guidelines... DO 178C ISO 26262 IEC 62304 31

Benefits of a unified approach to embedded software safety-critical standards Tackle the most serious issue: No existing embedded software security standards. Shared experiences and rapid distribution of good practices. Unified practices can promote better tool support the ALM vendors will move faster to support the standards. Promote software and hardware re-use as standards in ECUs are also promoted. Can benefit from software security activity in enterprise IT: E.g. ISO/IEC 15408: Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) international standard for computer security certification. 32

Inhibitors Core competencies are commercial confidential. Tool vendors give way to open standards slowly. Engineering companies are protective of their markets. 33

Software standards exist that can form a starting point for embedded software Aspects of software lifecycle management such as ALM tool traceability are being required for safety-critical certifications. There is more that can be adopted, e.g. automation of traceability and visibility across all aspects of development, and across ALM and PLM. Ensuring high quality software, guidelines and rules for common software defects exist: Open Web Application Security Project (OWASP) is an online community dedicated to web application security. Mitre Corporation (US federal not-for-profit) maintains Common Weakness Enumeration (CWE, http://cwe.mitre.org/top25/) lists of most dangerous software errors. Object Management Group (OMG) has issued first version of Consortium for IT Software Quality (CISQ) standards: http://it-cisq.org/standards-page/ There exists an ISO standard aimed at software industry: ISO/IEC 12207:2008 (reviewed and confirmed in 2013): systems and software engineering, software life cycle processes. 34

What can we do next Industries will gain the benefits of software in engineered products if they co-operate in building safe and secure software. Software security is the biggest threat to the software innovation we seek and the Internet of Things we want to build therefore addressing this issue must be the driver. The large engineering companies (from manufacturing to tools vendors) have leadership role opportunities to make a common cause possible. 35

michael.azoff@ovum.com 36

Disclaimer All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publisher, Ovum (an Informa business). The facts of this report are believed to be correct at the time of publication but cannot be guaranteed. Please note that the findings, conclusions and recommendations that Ovum delivers will be based on information gathered in good faith from both primary and secondary sources, whose accuracy we are not always in a position to guarantee. As such Ovum can accept no liability whatever for actions taken based on any information that may subsequently prove to be incorrect. 37

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information